Unverified Commit f88387af authored by kladko's avatar kladko

SKALE-3067-cleanup-sgx

parent c79d6ef6
...@@ -192,6 +192,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, ...@@ -192,6 +192,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
spdlog::error("failed to sign {}", status); spdlog::error("failed to sign {}", status);
throw SGXException(666, "failed to sign"); throw SGXException(666, "failed to sign");
} }
signatureVector.at(0) = to_string(signatureV); signatureVector.at(0) = to_string(signatureV);
if (base == 16) { if (base == 16) {
signatureVector.at(1) = "0x" + string(signatureR.data()); signatureVector.at(1) = "0x" + string(signatureR.data());
...@@ -205,9 +206,16 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, ...@@ -205,9 +206,16 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
pubKeyStr = getECDSAPubKey(encryptedKeyHex); pubKeyStr = getECDSAPubKey(encryptedKeyHex);
static uint64_t i = 0;
i++;
if (i % 1000 == 0) {
if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) { if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
throw SGXException(667, "ECDSA did not verify"); throw SGXException(667, "ECDSA did not verify");
} }
}
return signatureVector; return signatureVector;
} }
...@@ -1268,41 +1268,38 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1268,41 +1268,38 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
mpz_init(msgMpz);
signature sign = signature_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; LOG_ERROR(status);
goto clean;
} }
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
snprintf(errString, BUF_LEN, "pr key length is %zu ", strlen(skey));
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid secret key");
LOG_ERROR(skey); LOG_ERROR(errString);
mpz_clear(privateKeyMpz); goto clean;
return;
} }
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "invalid message hash");
LOG_ERROR(errString);
mpz_clear(privateKeyMpz); goto clean;
mpz_clear(msgMpz);
return;
} }
signature sign = signature_init();
signature_sign(sign, msgMpz, privateKeyMpz, curve); signature_sign(sign, msgMpz, privateKeyMpz, curve);
sigCounter++; sigCounter++;
...@@ -1316,28 +1313,22 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1316,28 +1313,22 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (!signature_verify(msgMpz, sign, Pkey, curve)) { if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2; *errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! "); snprintf(errString, BUF_LEN, "signature is not verified! ");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
signature_free(sign);
point_clear(Pkey); point_clear(Pkey);
goto clean;
return;
} }
point_clear(Pkey); point_clear(Pkey);
} }
SAFE_CHAR_BUF(arrM, mpz_sizeinbase(msgMpz, 16) + 2); SAFE_CHAR_BUF(arrM, BUF_LEN);
mpz_get_str(arrM, 16, msgMpz); mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM); snprintf(errString, BUF_LEN, "message is %s ", arrM);
SAFE_CHAR_BUF(arrR, mpz_sizeinbase(sign->r, base) + 2); SAFE_CHAR_BUF(arrR, BUF_LEN);
mpz_get_str(arrR, base, sign->r); mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024); strncpy(sigR, arrR, 1024);
SAFE_CHAR_BUF(arrS, mpz_sizeinbase(sign->s, base) + 2); SAFE_CHAR_BUF(arrS, BUF_LEN);
mpz_get_str(arrS, base, sign->s); mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024); strncpy(sigS, arrS, 1024);
...@@ -1345,6 +1336,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1345,6 +1336,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*errStatus = 0; *errStatus = 0;
clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
signature_free(sign); signature_free(sign);
...@@ -1362,10 +1355,6 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -1362,10 +1355,6 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN);
memset(encryptedPrivateKey, 0, BUF_LEN);
int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN); int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
......
...@@ -111,10 +111,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig ...@@ -111,10 +111,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
vector<char> signatureS(BUF_LEN, 0); vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0; uint8_t signatureV = 0;
for (int i = 0; i < 50; i++) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
(unsigned char *) hex.data(), (unsigned char *) hex.data(),
signatureR.data(), signatureR.data(),
signatureS.data(), &signatureV, 16); signatureS.data(), &signatureV, 16);
}
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
...@@ -286,6 +289,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") { ...@@ -286,6 +289,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
} }
} }
auto keyName = genECDSAKeyAPI(c);
Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
for (int i = 0; i <= 20; i++) { for (int i = 0; i <= 20; i++) {
try { try {
auto keyName = genECDSAKeyAPI(c); auto keyName = genECDSAKeyAPI(c);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment